System, method, and program product for processing secure transactions within a cloud computing system
Abstract
Particular systems, methods, and program products for web-based security systems for user authentication and processing in a distributed computing environment are disclosed. A computing sub-system may receive an electronic processing request and a first signed data packet having a first payload that was hashed and encrypted using a first private key. The first payload may comprise first processing output and a first timestamp. The sub-system may verify the first signed data packet by decrypting it using a first public key. The sub-system may execute computing operations to satisfy the electronic processing request, producing second processing output. The sub-system may configure a data packet with a second payload comprising at least the second processing output and a second timestamp. The sub-system may encrypt the second payload using a second private key producing a second signed data packet. The sub-system may transmit to a second sub-system the second signed data packet.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A system comprising:
(1) one or more processors;
(2) non-transitory computer-readable memory operatively connected to the one or more processors, the non-transitory computer-readable memory having stored thereon machine-readable instructions that, when executed by the one or more processors, cause the one or more processors to perform a method comprising:
(a) sending, by a user device, an electronic login request to a web server;
(b) receiving, at the user device, first display data from the web server in response to the login request;
(c) displaying, at the user device, the first display data;
(d) receiving, at the user device, credential information associated with a user of the user device provided in response to the first display data;
(e) transmitting, from the user device, the credential information to the web server;
(f) receiving, from the web server, second display data and a first signed identity provider data packet including a first payload comprising first login credential verification information, a first timestamp, a session identifier, and a first identity provider sub-system digital signature, wherein the first signed identity provider data packet provides an indication that a user session is authenticated and is signed with a first identity provider sub-system digital signature that is generated by generating a hash of the first payload and encrypting the hash of the first payload using a first identity provider sub-system private key;
(g) displaying, at the user device, the second display data;
(h) storing, at the user device, the first signed identity provider data packet;
(i) providing, at the user device, user data associated with the user after display of the second display data;
(j) transmitting, to the web server, the user data and the first signed identity provider data packet;
(k) receiving, from the web server, a second signed identity provider data packet including a second payload comprising a current time stamp, authentication verification information, user identification information and session identification information and third display data, where the authentication verification information is provided from a first sub-system and is signed with a second identity provider sub-system digital signature that is generated by generating a hash of the second payload and encrypting the hash of the second payload using the first identity provider sub-system private key;
(l) displaying, at the user device, the third display data; and
(m) storing, at the user device, the second signed identity provider data packet.
2. The system of claim 1 , where the step of sending an electronic login request comprises:
(i) navigating, using the user device, to a URL; and
(ii) selecting, using the user device, a login user interface.
3. The system of claim 1 , wherein the first display data comprises machine-readable instructions to render a graphical user interface for inputting the credential information.
4. The system of claim 1 , wherein the credential information comprises a username and password associated with the user of the user device.
5. The system of claim 1 , wherein the second display data comprises machine-readable instructions to render a webpage.
6. The system of claim 1 , wherein the user data is multi-factor authentication data associated with the user of the user device.
7. The system of claim 1 , wherein the third display data comprises machine-readable instructions to render content of a distributed computer system to which the web server is connected and access to which is dependent on authentication of the user using the user data.
8. The system of claim 1 , further comprising steps of:
(n) transmitting, from the user device, an electronic user request and the second signed identity provider data packet;
(o) receiving, from the web server, fourth display data and a third signed identity provider data packet including a third payload comprising a second current time stamp, a session identifier, user identifier and verification information;
(p) rendering, at the user device, a display based on the fourth display data; and
(q) storing, at the user device, the third signed identity provider data packet.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.